RMX Security CERT Global

    • Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400
      Palo Alto Networks has released workaround guidance for a command injection vulnerability (CVE-2024-3400) affecting PAN-OS versions 10.2, 11.0, and 11.1. Palo Alto Networks has reported active exploitation of this vulnerability ... read more
    • TZCERT-SU-24-0388 (EasyApache Security Update)
      cPanel has released security updates to address multiple vulnerabilities in EasyApache4. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators are ... read more
    • TZCERT-SU-24-0390 (Mageia Security Update)
      Mageia has released security updates to address vulnerabilities in multiple of its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
    • TZCERT-SU-24-0397 (FortiGuard Security Update)
      FortiGuard has released security updates to address vulnerabilities affecting multiple of its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
    • TZCERT-SU-24-0396 (SUSE Security Update)
      SUSE has released security updates to address vulnerabilities affecting multiple of its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
    • TZCERT-SU-24-0395 (Ubuntu Security Update)
      Ubuntu has released security updates to address vulnerabilities affecting multiple of its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
    • TZCERT-SU-24-0394 (Dell Security Update)
      Dell has released security updates to address vulnerabilities affecting multiple of its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
    • TZCERT-SU-24-0393 (Red Hat Security Update)
      Red Hat has released security updates to address vulnerabilities affecting multiple of its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and ... read more
    • TZCERT-SU-24-0391 (Slackware Security Update)
      Slackware has released security updates to address a vulnerability in the libarchive package. Exploitation of this vulnerability may allow an attacker to take control of an affected system. Users and Administrators ... read more
    • TZCERT-SU-24-0392 (Zoom Security Update)
      Zoom has released security updates to address vulnerabilities in Zoom Desktop Client for Linux, macOS and Windows. Exploitation of these vulnerabilities may allow an attacker to take control of an ... read more
    • TZCERT-SU-24-0389 (Oracle Linux Security Update)
      Oracle has released security updates to address vulnerabilities in multiple of its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
    • CERT-SE's weekly newsletter, week 15
      This week was Patch Tuesday, but we have also highlighted several other critical vulnerabilities. Make sure that all relevant security updates have been applied. We also recommend a number of worthwhile ... read more
    • UPDATE GitLab Community Edition and Enterprise Edition: CVSS (Max): 8.7
      AUSCERT External Security Bulletin Redistribution ESB-2024.2273.2. GitLab Patch Release: 16.10.2, 16.9.4, 16.8.6. 12 April 2024. AusCERT Security Bulletin Summary. Product: GitLab Community Edition, GitLab Enterprise Edition; Publisher: ... read more
    • CISA Issues Emergency Directive 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System
      Today, CISA publicly issued Emergency Directive (ED) 24-02 to address the recent campaign by Russian state-sponsored cyber actor Midnight Blizzard to exfiltrate email correspondence of Federal Civilian Executive Branch (FCEB) ... read more
    • Multiple vulnerabilities in Fortinet products
      Fortinet has published an advisory about multiple vulnerabilities in FortiClientLinux, FortiOS and FortiProxy, one of which is rated critical. ... read more
    • IBM Security QRadar SIEM: CVSS (Max): 5.9
      AUSCERT External Security Bulletin Redistribution ESB-2024.2200. RabbitMQ protocol as used by IBM QRadar SIEM lacks certificate validation (CVE-2023-50949). 11 April 2024. AusCERT Security Bulletin Summary. Product: IBM ... read more
    • CERT-SE's weekly newsletter, week 14
      Mixed news from the past week. This shortened working week has been largely dominated by the widely reported backdoor in XZ Utils. ... read more
    • HTTP/2: CVSS (Max): 7.5*
      AUSCERT Security Bulletin ASB-2024.0058. HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks. 5 April 2024. AusCERT Security Bulletin Summary. Product: HTTP/2; Operating System: Windows, UNIX variants (UNIX, ... read more
    • Developing and Using a Software Bill of Materials Framework
      With the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur ... read more
    • CISA Releases Two Industrial Control Systems Advisories
      CISA released two Industrial Control Systems (ICS) advisories on April 4, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-095-01 Hitachi Energy Asset ... read more
    • CISA Adds Two Known Exploited Vulnerabilities to Catalog
      CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2024-29745 Android Pixel Information Disclosure Vulnerability; CVE-2024-29748 Android Pixel Privilege Escalation Vulnerability. These ... read more
    • CERTFR-2024-AVI-0269: Multiple vulnerabilities in Mozilla Firefox (04 April 2024)
      Multiple vulnerabilities have been discovered in Mozilla Firefox. They allow an attacker to cause a security issue not specified by the vendor and an indirect code injection ... read more
    • CERTFR-2024-AVI-0271: Multiple vulnerabilities in Ivanti products (04 April 2024)
      Multiple vulnerabilities have been discovered in Ivanti products. They allow an attacker to cause remote arbitrary code execution, a remote denial of service ... read more
    • CERTFR-2024-AVI-0272: Multiple vulnerabilities in Google Android and Pixel (04 April 2024)
      Multiple vulnerabilities have been discovered in Android products. Some of them allow an attacker to cause a denial of service, a breach of data confidentiality ... read more
    • CERTFR-2024-AVI-0270: Vulnerability in Cisco Nexus Dashboard Fabric Controller (04 April 2024)
      A vulnerability has been discovered in Cisco Nexus Dashboard Fabric Controller. It allows an attacker to cause a breach of data confidentiality. ... read more
    • 0-days exploited by commercial spyware firms
      Security researchers have found that commercial spyware firms are increasingly behind the exploitation of 0-day vulnerabilities against mobile phones and other end-user products. Cyberscoop writes this in an article citing a report, ... read more
    • grafana-pcp: CVSS (Max): 7.5
      AUSCERT External Security Bulletin Redistribution ESB-2024.2029. grafana-pcp security and bug fix update. 4 April 2024. AusCERT Security Bulletin Summary. Product: grafana-pcp; Publisher: Red Hat; Operating System: Red ... read more
    • Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P): CVSS (Max): 6.1
      AUSCERT External Security Bulletin Redistribution ESB-2024.2052. Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability. 4 April 2024. AusCERT Security Bulletin Summary. Product: Cisco Unified ... read more
    • Cisco Nexus Dashboard Products: CVSS (Max): 7.5
      AUSCERT External Security Bulletin Redistribution ESB-2024.2053. Cisco Nexus Dashboard and Nexus Dashboard Hosted Services Cross-Site Request Forgery Vulnerability. 4 April 2024. AusCERT Security Bulletin Summary. Product: Cisco ... read more
    • bind9.16: CVSS (Max): 7.5
      AUSCERT External Security Bulletin Redistribution ESB-2024.2031. bind9.16 security update. 4 April 2024. AusCERT Security Bulletin Summary. Product: bind9.16; Publisher: Red Hat; Operating System: Red Hat; Resolution: Patch/Upgrade ... read more
    • grafana: CVSS (Max): 7.5
      AUSCERT External Security Bulletin Redistribution ESB-2024.2030. grafana security and bug fix update. 4 April 2024. AusCERT Security Bulletin Summary. Product: grafana; Publisher: Red Hat; Operating System: Red ... read more
    • TZCERT-SU-24-0365 (Mageia Security Update)
      Mageia has released security updates to address vulnerabilities in multiple of its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
    • TZCERT-SU-24-0369 (Cisco Security Update)
      Cisco has released security updates to address a vulnerability in Cisco IOS XE Software Unified Threat Defense. Exploitation of this vulnerability may allow an attacker to take control of an affected ... read more
    • TZCERT-SU-24-0370 (NetApp Security Update)
      NetApp has released security updates to address vulnerabilities in XZ Utils and Apache Tomcat. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users ... read more
    • TZCERT-SU-24-0368 (Palo Alto Security Update)
      Palo Alto Networks has released security updates to address vulnerabilities in version 5.6.0 and 5.6.1 of XZ tools and libraries. Exploitation of these vulnerabilities may allow an attacker to take ... read more
    • TZCERT-SU-24-0367 (MediaTek Security Update)
      MediaTek has released security updates to address vulnerabilities affecting multiple of its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
    • TZCERT-SU-24-0366 (Gentoo Linux Security Update)
      Gentoo Linux has released security updates to address a vulnerability in app-arch/xz-utils. Exploitation of this vulnerability may allow an attacker to take control of an affected system. Users and Administrators ... read more
    • TZCERT-SU-24-0364 (HP Security Update)
      HP has released security updates to address vulnerabilities in AMD Graphics Driver. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or take control of ... read more
    • TZCERT-SU-24-0354 (Dell Security Update)
      Dell has released security updates to address vulnerabilities in multiple of its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
    • TZCERT-SU-24-0355 (Ubuntu Security Update)
      Ubuntu has released security updates to address a vulnerability in the Cacti package. Exploitation of this vulnerability may allow an attacker to cause a denial-of-service condition on an affected system. ... read more
    • TZCERT-SU-24-0358 (Red Hat Security Update)
      Red Hat has released security updates to address vulnerabilities in multiple of its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and ... read more
    • TZCERT-SU-24-0357 (Adobe Security Update)
      Adobe has released security updates to address vulnerabilities in Adobe Experience Manager (AEM). Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and ... read more
    • TZCERT-SU-24-0356 (SUSE Security Update)
      SUSE has released security updates to address vulnerabilities in multiple of its products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system. Users and Administrators ... read more
    • State-sponsored “development” of open-source software
      TL;DR: Anyone looking for a short summary of the events surrounding the (most likely) backdoor in xz, CVE-2024-3094, may want to take a look at this, from security researcher Thomas Roccia ... read more
    • Researchers find large botnet
      Malware hunters are sounding the alarm after discovering a large botnet consisting of end-of-life routers and IoT devices. Security Week writes this in an article during Easter week. The botnet was first ... read more
    • macOS users targeted with infostealers
      Malicious ads and fake websites have been observed being used as a channel to deliver two different types of infostealer malware to macOS users. The Hacker News writes this in an article that is ... read more
    • Critical flaw in Linux compression tool
      A critical flaw has been found in a data compression tool, XZ, which is used on practically all Linux platforms. The vulnerability can potentially be exploited for remote code execution with the privileges that the distribution ... read more
    • mediawiki: CVSS (Max): None
      AUSCERT External Security Bulletin Redistribution ESB-2024.1961. mediawiki security update. 2 April 2024. AusCERT Security Bulletin Summary. Product: mediawiki; Publisher: Debian; Operating System: Debian GNU/Linux; Resolution: Patch/Upgrade; Original ... read more
    • Linux Kernel (Live Patch 18 for SLE 15 SP4): CVSS (Max): 7.0
      AUSCERT External Security Bulletin Redistribution ESB-2024.1972. Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP4). 2 April 2024. AusCERT Security Bulletin Summary. Product: ... read more
    • Linux Kernel (Live Patch 40 for SLE 15 SP3): CVSS (Max): 7.0
      AUSCERT External Security Bulletin Redistribution ESB-2024.1957. Security update for the Linux Kernel (Live Patch 40 for SLE 15 SP3). 2 April 2024. AusCERT Security Bulletin Summary. Product: ... read more
Title Category Tag

Accelerating Action CDP Global Water Report 2015 – Project Financing

InfrastructureProjectFinanceWater governments infrastructure water

Africa – The State of African Utilities Performance Assessment and Benchmarking Report – Water

SmartCitiesStandardsPracticesWater africa infrastructure water